Получение сертификата SSL для синхронизации пользователей по протоколу LDAPS
-
Для извлечения сертификата LDAP-сервера выполните команду в консоли:
openssl s_client -showcerts -connect <active_directory_domain_controller_address>:<ldap_ssl_port>Пример:
openssl s_client -showcerts -connect 10.169.20.3:636Пример вывода команды:
Connecting to 172.28.15.144 CONNECTED(00000004) Can't use SSL_get_servername depth=0 O=Samba Administration, OU=Samba - temporary autogenerated HOST certificate, CN=DEV-LCM-VM0106.lcm.terra.inno.tech verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 O=Samba Administration, OU=Samba - temporary autogenerated HOST certificate, CN=DEV-LCM-VM0106.lcm.terra.inno.tech verify error:num=21:unable to verify the first certificate verify return:1 depth=0 O=Samba Administration, OU=Samba - temporary autogenerated HOST certificate, CN=DEV-LCM-VM0106.lcm.terra.inno.tech verify return:1 --- Certificate chain 0 s:O=Samba Administration, OU=Samba - temporary autogenerated HOST certificate, CN=DEV-LCM-VM0106.lcm.terra.inno.tech i:O=Samba Administration, OU=Samba - temporary autogenerated CA certificate, CN=DEV-LCM-VM0106.lcm.terra.inno.tech a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Oct 19 14:59:09 2023 GMT; NotAfter: Sep 18 14:59:09 2025 GMT -----BEGIN CERTIFICATE----- MIIF0DCCA7igAwIBAgIEPUQxZTANBgkqhkiG9w0BAQsFADCBhTEdMBsGA1UEChMU U2FtYmEgQWRtaW5pc3RyYXRpb24xNzA1BgNVBAsTLlNhbWJhIC0gdGVtcG9yYXJ5 IGF1dG9nZW5lcmF0ZWQgQ0EgY2VydGlmaWNhdGUxKzApBgNVBAMTIkRFVi1MQ00t Vk0wMTA2LmxjbS50ZXJyYS5pbm5vLnRlY2gwHhcNMjMxMDE5MTQ1OTA5WhcNMjUw OTE4MTQ1OTA5WjCBhzEdMBsGA1UEChMUU2FtYmEgQWRtaW5pc3RyYXRpb24xOTA3 BgNVBAsTMFNhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0ZWQgSE9TVCBjZXJ0 aWZpY2F0ZTErMCkGA1UEAxMiREVWLUxDTS1WTTAxMDYubGNtLnRlcnJhLmlubm8u dGVjaDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANnnfyyW1P1I80Cw t/TVWTZTRXIHKNPECGz3flV7XzxECUwMN/TZoft3uucukWs6jsa53REmIsjIgUrQ 3FiQn4lo/fzuC5gbwF9RE7jA3OcankaDjL5exB8FHtVUFy0hjAKulsZ1L1bO2Z49 2SAZpK64B9IOI092rV2DyiBkkVh3xCRHUpm97Buzvt8ERQsDEGWx8lYJl66F/Zi4 2QnIlMn1D7Q1VVp5OggqPaua3il9s3q7uoS6hXuin/AD6i3ddT3tHeBP/L/j3bdr oesfQl5xd15d0xCdUqMteyMpa+aMj1Sln32hpaM4U4Q8sIn4cLOd+8ZjRclyZyFe wRyV4Ox9WKfOlwh+vRNE28zNbhU0ljJM4qIj8mXTAewHCI6xLQEYFjy1GJf7KS6C o2Ub5+FwnZ72tXvB99STgvhyD6JhoSThy0OHjqx5Z9HK6Pjx+QPlkk4JEO/KRl0s zneehA06XdUUQc2G/Cn5wVMdZpfo3OXiePsEKZKg2AA979TvsqqqCWAbNG4RbXyK riCtFyJqqwEiUEOeYr0y65AHV/jD1NlPIYGUzXlFhBnFJlLOoXN04J58p4UbTcdd mBBHPmGk69W6Oxf5oF7HJsfZrxHVe8j4lpNH/Ybh54g9otoqpxP157H26dqcRvZM mxXDJtg4AoWsoGQXM1ej4S7kwJclAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwEwYD VR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFOP4eYlKWA77ur5P4ys0xE57aRGj MA0GCSqGSIb3DQEBCwUAA4ICAQCHDPbmgIpfqXoKh0x3FtNt6EecJvdLtRPHrBO+ MHXL9o7SZyqtbXs4mhsoMbP8GGGcJtem02ELZosWLr1/2cg0d9uQuhpB5zLwrTiV E7u7ZVADXJc75gMxulBPHDLaUT8AdP0GEVt6W6dw1xQULT1CGI9728vsZ+q9VetK 3qgtx/lAB16wJKhm0LMxS9FAR2iOfHgnVYHqKMQKkNUecV95imo10G44P6sj4wSt L7lB+Za2EA//7OdGvQYeCQCSbpQQbNPV0g1LHXJ/eO5y1EEIRm4gtsTyipg/52fC VRTmGw5jZUEzUZBCUY/A4XiyoczqfuO+tGT0rLBZVmP7EC7/KJt3EKnu1CQgkv8w gPkgYNX6+2zuOCUirXY8QqciQqD44SSyS2+LNk5qfftoxcNZ5yBiOiJDZ9KayW+F t0OwfgTAvGBoBDQ5Gkop1sAEXFEoEhRO8ktOFLjnG6vxEPc35Wj3qX9K3Tye03ue hbxv5qrzs5STOF1fqbTuckuP+91ysuNbKvivlB1nlXBXgycoqYRF6/uU/sK1Xesb YJ8oYR+7edrYyRpz1WECR9MAS9iH49RfaEVO+8pSxuGwUMtaiKA4BQo02aGLMKDW hFtNhfVEmARoKPkuqdIoxjWL9bltPal6mr1ku2P5TwIyQIWHfI1C+mqnxlh2Z78Z MDjQmQ== -----END CERTIFICATE----- -
Извлеките сертификат из вывода команды и создайте файл с сертификатом.
-
Сохраните файл с сертификатом на сервере, на который будет устанавливаться бэкенд продукта. Путь к файлу необходимо будет указать на этапе его настройки.